Skip to content

Commit

Permalink
Change research page to be more focused (#267)
Browse files Browse the repository at this point in the history
* Change research page to be more focused

Clients have been moved to the contributing section. Long term plan for
the research page is to describe more opportunities to collaborate on
research.

Signed-off-by: Hayden Blauzvern <[email protected]>

* Fix lint

Signed-off-by: Hayden Blauzvern <[email protected]>

* Fix more lint

Signed-off-by: Hayden Blauzvern <[email protected]>

---------

Signed-off-by: Hayden Blauzvern <[email protected]>
  • Loading branch information
haydentherapper authored Nov 6, 2023
1 parent 1036fa7 commit fb21144
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 22 deletions.
18 changes: 18 additions & 0 deletions content/en/about/contributing.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,23 @@ To contribute to Sigstore as a developer, check out the following repositories f
- [Rekor](https://github.com/sigstore/rekor)
- [Fulcio](https://github.com/sigstore/fulcio)

### Sigstore clients

- Go:
- [sigstore/sigstore-go](https://github.com/sigstore/sigstore-go)
- [sigstore/sigstore](https://github.com/sigstore/sigstore)
- [Sigstore Go meeting notes](https://docs.google.com/document/d/1EcJIhqSS9E86cHAQXaXiu2_r1s0kNbHz4uLLwwGo-vw/edit)
- Python:
- [sigstore/sigstore-python](https://github.com/sigstore/sigstore-python)
- Java and Maven:
- [sigstore/java](https://github.com/sigstore/sigstore-java)
- [sigstore/sigstore-maven](https://github.com/sigstore/sigstore-maven)
- [sigstore/sigstore-maven-plugin](https://github.com/sigstore/sigstore-maven-plugin)
- [Sigstore Java meeting notes](https://docs.google.com/document/d/1R7mL-IUrc2Z_LuOIvwDWshVuPQS_2VNE_cIQx4Oy5zw/edit)
- JavaScript: [sigstore/sigstore-js](https://github.com/sigstore/sigstore-js)
- Rust: [sigstore/sigstore-rs](https://github.com/sigstore/sigstore-rs)
- Ruby: [sigstore/ruby-sigstore](https://github.com/sigstore/ruby-sigstore)

## Contributing to the documentation

This covers a few basics to get you started. It covers pointers for writing clear, consistent technical documentation, some tips and tricks you can use in Nuxt, to sigstore community policies on changing and reviewing content.
Expand Down Expand Up @@ -65,6 +82,7 @@ The Nuxt documentation is a great first stop for anyone new to writing technical
Resource: https://content.nuxtjs.org/

## Community

The [sigstore/community](https://github.com/sigstore/community/) repository contains the most up-to-date information about how to get involved with the Sigstore project and its community.
In this repository you can find our [code of conduct](https://github.com/sigstore/community/blob/main/CODE_OF_CONDUCT.md) and our [contributing guidelines](https://github.com/sigstore/community/blob/main/CONTRIBUTING.md).

Expand Down
31 changes: 9 additions & 22 deletions content/en/about/research.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,29 +6,16 @@ title: Research
weight: 40
---

The Sigstore Rekor project was initiated by Luke Hinds with Red Hat as the founding company in mid-2020. Later, Bob Callaway and Dan Lorenc joined as co-founders of the Sigstore project, which launched in March 2021 with the three major projects of Rekor, Fulcio, and Cosign. Sigstore became a Linux Foundation project on March 9, 2021, [citing founding members](https://www.linuxfoundation.org/press-release/linux-foundation-announces-free-sigstore-signing-service-to-confirm-origin-and-authenticity-of-software/) that include Red Hat, Google, and Purdue University. On October 25, 2022, Sigstore was marked publicly available as it announced [general availability for Rekor and Fulcio](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d/).
## Sigstore Research

## Relevant Research
- [Sigstore: Software Signing for Everybody](https://dl.acm.org/doi/10.1145/3548606.3560596)

Academic and industry research related to software supply chain security, transparency, reproducibility, and more:

* [Software Distribution Transparency and Auditability](https://arxiv.org/abs/1711.07278)
* [Contour: A Practical System for Binary Transparency](https://arxiv.org/abs/1712.08427)
* [Reproducible Builds: Break a log, good things come in trees](https://bora.uib.no/bora-xmlui/handle/1956/20411)
* [Dependency Issues: Solving the World's Open-Source Software Security Problem](https://warontherocks.com/2022/05/dependency-issues-solving-the-worlds-open-source-software-security-problem/)
* [Software Supply-Chain Security Reading List](https://github.com/chainguard-dev/ssc-reading-list)
## Software Supply Chain Research

## Sigstore and Programming Language Communities
Academic and industry research related to software supply chain security, transparency, reproducibility, and more:

* Go: [sigstore/sigstore](https://github.com/sigstore/sigstore)
* Python:
* [sigstore/sigstore-python](https://github.com/sigstore/sigstore-python)
* [Securing the Open Source Software Supply Chain at PyCon](https://www.youtube.com/watch?v=i1QqhGsbX6Y)
* Ruby:
* [sigstore/ruby-sigstore](https://github.com/sigstore/ruby-sigstore)
* [Gems security](https://docs.ruby-lang.org/en/2.1.0/Gem/Security.html)
* Java and Maven:
* [sigstore/java](https://github.com/sigstore/sigstore-java)
* [sigstore/sigstore-maven](https://github.com/sigstore/sigstore-maven)
* [Sigstore Java meeting notes](https://docs.google.com/document/d/1R7mL-IUrc2Z_LuOIvwDWshVuPQS_2VNE_cIQx4Oy5zw/edit)
* Rust: [sigstore/sigstore-rs](https://github.com/sigstore/sigstore-rs)
- [Software Distribution Transparency and Auditability](https://arxiv.org/abs/1711.07278)
- [Contour: A Practical System for Binary Transparency](https://arxiv.org/abs/1712.08427)
- [Reproducible Builds: Break a log, good things come in trees](https://bora.uib.no/bora-xmlui/handle/1956/20411)
- [Dependency Issues: Solving the World's Open-Source Software Security Problem](https://warontherocks.com/2022/05/dependency-issues-solving-the-worlds-open-source-software-security-problem/)
- [Software Supply-Chain Security Reading List](https://github.com/chainguard-dev/ssc-reading-list)

0 comments on commit fb21144

Please sign in to comment.